公开(公告)号：US10303503B2

公开(公告)日：2019-05-28

申请号：US15432832

申请日：2017-02-14

Applicant: Intel Corporation

Inventor： Shamanna M. Datta ,  Alberto J. Munoz ,  Mahesh S. Natu ,  Scott T. Durrant

IPC: G06F9/455 ,  G06F21/53 ,  G06F21/52

Abstract: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM.

公开(公告)号：US20220317906A1

公开(公告)日：2022-10-06

申请号：US17724379

申请日：2022-04-19

Applicant: Intel Corporation

Inventor： Murugasamy K. Nachimuthu ,  Mohan J. Kumar ,  Alberto J. Munoz

IPC: G06F3/06 ,  G06F16/174 ,  G06F21/57 ,  G06F21/73 ,  G06F8/65 ,  H04L41/0816 ,  H04L41/0853 ,  H04L41/12 ,  H04L67/10 ,  G06F11/30 ,  G06F9/50 ,  H01R13/453 ,  G06F9/48 ,  G06F9/455 ,  H05K7/14 ,  H04L61/5007 ,  H04L67/63 ,  H04L67/75 ,  H03M7/30 ,  H03M7/40 ,  H04L43/08 ,  H04L47/20 ,  H04L47/2441 ,  G06F11/07 ,  G06F11/34 ,  G06F7/06 ,  G06T9/00 ,  H03M7/42 ,  H04L12/28 ,  H04L12/46 ,  G06F13/16 ,  G06F21/62 ,  G06F21/76 ,  H03K19/173 ,  H04L9/08 ,  H04L41/044 ,  H04L49/104 ,  H04L43/04 ,  H04L43/06 ,  H04L43/0894 ,  G06F9/38 ,  G06F12/02 ,  G06F12/06 ,  G06T1/20 ,  G06T1/60 ,  G06F9/54 ,  H04L67/1014 ,  G06F8/656 ,  G06F8/658 ,  G06F8/654 ,  G06F9/4401 ,  H01R13/631

Abstract: Technologies for generating manifest data for a sled include a sled to generate manifest data indicative of one or more characteristics of the sled (e.g., hardware resources, firmware resources, a configuration of the sled, or a health of sled components). The sled is also to associate an identifier with the manifest data. The identifier uniquely identifies the sled from other sleds. Additionally, the sled is to send the manifest data and the associated identifier to a server. The sled may also detect a change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also generate an update of the manifest data based on the detected change, where the update specifies the detected change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also send the update of the manifest data to the server.

公开(公告)号：US20220116365A1

公开(公告)日：2022-04-14

申请号：US17561431

申请日：2021-12-23

Applicant: Intel Corporation

Inventor： Johan Van de Groenendaal ,  Alberto J. Munoz

IPC: H04L9/32 ,  G06F8/65 ,  G06Q20/38 ,  G06F16/23 ,  G06F21/64 ,  G06F16/27

Abstract: Technologies for attesting a deployment of a workload using a blockchain includes a compute engine that receives a request from a remote device to validate one or more parameters of a managed node composed of one or more sleds. The compute engine retrieves a blockchain associated with the managed node. The blockchain includes one or more blocks, each block including information about the parameters of the managed node. The compute engine validates the blockchain and sends an indication that the blockchain is valid to the requesting device.

公开(公告)号：US11223606B2

公开(公告)日：2022-01-11

申请号：US16023264

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Johan Van de Groenendaal ,  Alberto J. Munoz

IPC: G06F21/64 ,  H04L29/06 ,  G06F8/65 ,  G06Q20/38 ,  H04L9/32 ,  G06F16/23 ,  G06F16/27

Abstract: Technologies for attesting a deployment of a workload using a blockchain includes a compute engine that receives a request from a remote device to validate one or more parameters of a managed node composed of one or more sleds. The compute engine retrieves a blockchain associated with the managed node. The blockchain includes one or more blocks, each block including information about the parameters of the managed node. The compute engine validates the blockchain and sends an indication that the blockchain is valid to the requesting device.

公开(公告)号：US08924720B2

公开(公告)日：2014-12-30

申请号：US13629128

申请日：2012-09-27

Applicant: Intel Corporation

Inventor： Yeluri Raghuram ,  Steve Orrin ,  Alberto J. Munoz

IPC: H04L29/06

CPC classification number: H04L9/0825 ,  G06F9/45533 ,  H04L9/083 ,  H04L9/3234 ,  H04L63/0442 ,  H04L63/062 ,  H04L2463/062

Abstract: A method, device, and system for securely migrating and provisioning a virtual machine image to a host device of a cloud service provider environment (CSPE) is disclosed. A customer device encrypts a virtual machine image (VMI) and stores the VMI in the CSPE. The host device retrieves the encrypted VMI from the object store and sends host trust data (including a symmetric key extracted from the encrypted VMI, the symmetric key being encrypted with the customer public key) to a key management server for trust attestation. If the key management server successfully attests the host device, the key management server decrypts the encrypted symmetric key using the customer private key and re-encrypts the symmetric key using the host public key. The host device receives the re-encrypted symmetric key from the key management server, decrypts it using the host private key, and decrypts the encrypted VMI using the symmetric key.

Abstract translation: 公开了一种用于将虚拟机映像安全迁移并提供给云服务提供商环境（CSPE）的主机设备的方法，设备和系统。 客户设备加密虚拟机映像（VMI）并将VMI存储在CSPE中。 主机设备从对象存储中检索加密的VMI，并向密钥管理服务器发送主机信任数据（包括从加密的VMI提取的对称密钥，用客户公钥加密的对称密钥）到信任认证的密钥管理服务器。 如果密钥管理服务器成功验证主机设备，则密钥管理服务器使用客户私钥解密加密对称密钥，并使用主机公钥对对称密钥进行重新加密。 主机设备从密钥管理服务器接收重新加密的对称密钥，使用主机私钥对其进行解密，并使用对称密钥解密加密的VMI。

公开(公告)号：US20200007511A1

公开(公告)日：2020-01-02

申请号：US16023264

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Johan Van de Groenendaal ,  Alberto J. Munoz

IPC: H04L29/06 ,  G06F8/65

Abstract: Technologies for attesting a deployment of a workload using a blockchain includes a compute engine that receives a request from a remote device to validate one or more parameters of a managed node composed of one or more sleds. The compute engine retrieves a blockchain associated with the managed node. The blockchain includes one or more blocks, each block including information about the parameters of the managed node. The compute engine validates the blockchain and sends an indication that the blockchain is valid to the requesting device.

公开(公告)号：US10432586B2

公开(公告)日：2019-10-01

申请号：US15531168

申请日：2014-12-27

Applicant: INTEL CORPORATION

Inventor： Todd M. Rimmer ,  Thomas D. Lovett ,  Alberto J. Munoz

IPC: H04L29/06 ,  H04L12/64 ,  H04L12/823 ,  H04L12/947 ,  H04L29/08

Abstract: Technologies for fabric security include one or more managed network devices coupled to one or more computing nodes via high-speed fabric links. A managed network device enables a port and, while enabling the port, securely determines the node type of the link partner coupled to the port. If the link partner is a computing node, management access is not allowed at the port. The managed network device may allow management access at certain predefined ports, which may be connected to one of more management nodes. Management access may be allowed for additional ports in response to management messages received from the management nodes. The managed network device may check and verify data packet headers received from a compute node at each port. The managed network device may rate-limit management messages received from a compute node at each port. Other embodiments are described and claimed.

公开(公告)号：US20150082031A1

公开(公告)日：2015-03-19

申请号：US14550295

申请日：2014-11-21

Applicant: Intel Corporation

Inventor： Yeluri Ranghuram ,  Steve Orrin ,  Alberto J. Munoz

IPC: H04L9/08 ,  G06F9/455 ,  H04L9/32

CPC classification number: H04L9/0825 ,  G06F9/45533 ,  H04L9/083 ,  H04L9/3234 ,  H04L63/0442 ,  H04L63/062 ,  H04L2463/062

Abstract: A method, device, and system for securely migrating and provisioning a virtual machine image to a host device of a cloud service provider environment (CSPE) is disclosed. A customer device encrypts a virtual machine image (VMI) and stores the VMI in the CSPE. The host device retrieves the encrypted VMI from the object store and sends host trust data (including a symmetric key extracted from the encrypted VMI, the symmetric key being encrypted with the customer public key) to a key management server for trust attestation. If the key management server successfully attests the host device, the key management server decrypts the encrypted symmetric key using the customer private key and re-encrypts the symmetric key using the host public key. The host device receives the re-encrypted symmetric key from the key management server, decrypts it using the host private key, and decrypts the encrypted VMI using the symmetric key.

Abstract translation: 公开了一种用于将虚拟机映像安全迁移并提供给云服务提供商环境（CSPE）的主机设备的方法，设备和系统。 客户设备加密虚拟机映像（VMI）并将VMI存储在CSPE中。 主机设备从对象存储中检索加密的VMI，并向密钥管理服务器发送主机信任数据（包括从加密的VMI提取的对称密钥，用客户公钥加密的对称密钥）到信任认证的密钥管理服务器。 如果密钥管理服务器成功验证主机设备，则密钥管理服务器使用客户私钥解密加密对称密钥，并使用主机公钥对对称密钥进行重新加密。 主机设备从密钥管理服务器接收重新加密的对称密钥，使用主机私钥对其进行解密，并使用对称密钥解密加密的VMI。

公开(公告)号：US11838113B2

公开(公告)日：2023-12-05

申请号：US16656009

申请日：2019-10-17

Applicant: INTEL CORPORATION

Inventor： Alberto J. Munoz ,  Murugasamy K. Nachimuthu ,  Mohan J. Kumar ,  Wojciech Powiertowski ,  Sergiu D. Ghetie ,  Neeraj S. Upasani ,  Sagar V. Dalvi ,  Chukwunenye S. Nnebe ,  Jeanne Guillory

IPC: H04L29/06 ,  H04L43/08 ,  G06F16/901 ,  H04B10/25 ,  G02B6/38 ,  G02B6/42 ,  G02B6/44 ,  G06F1/18 ,  G06F1/20 ,  G06F3/06 ,  G06F8/65 ,  G06F9/30 ,  G06F9/4401 ,  G06F9/54 ,  G06F12/109 ,  G06F12/14 ,  G06F13/16 ,  G06F13/40 ,  G08C17/02 ,  G11C5/02 ,  G11C7/10 ,  G11C11/56 ,  G11C14/00 ,  H03M7/30 ,  H03M7/40 ,  H04L41/14 ,  H04L43/0817 ,  H04L43/0876 ,  H04L43/0894 ,  H04L49/00 ,  H04L49/25 ,  H04L49/356 ,  H04L49/45 ,  H04L67/02 ,  H04L67/306 ,  H04L69/04 ,  H04L69/329 ,  H04Q11/00 ,  H05K7/14 ,  G06F15/16 ,  G06F9/38 ,  G06F9/50 ,  H04L41/12 ,  H04L41/5019 ,  H04L43/16 ,  H04L47/24 ,  H04L47/38 ,  H04L67/1004 ,  H04L67/1034 ,  H04L67/1097 ,  H04L67/12 ,  H05K5/02 ,  H04W4/80 ,  G06Q10/087 ,  G06Q10/20 ,  G06Q50/04 ,  H04L43/065 ,  H04L61/00 ,  H04L67/51 ,  H04J14/00 ,  H04L41/147 ,  H04L67/1008 ,  H04L41/0813 ,  H04L67/1029 ,  H04L41/0896 ,  H04L47/70 ,  H04L47/78 ,  H04L41/082 ,  H04L67/00 ,  H04L67/1012 ,  B25J15/00 ,  B65G1/04 ,  H05K7/20 ,  H04L49/55 ,  H04L67/10 ,  H04W4/02 ,  H04L45/02 ,  G06F13/42 ,  H05K1/18 ,  G05D23/19 ,  G05D23/20 ,  H04L47/80 ,  H05K1/02 ,  H04L45/52 ,  H04Q1/04 ,  G06F12/0893 ,  H05K13/04 ,  G11C5/06 ,  G06F11/14 ,  G06F11/34 ,  G06F12/0862 ,  G06F15/80 ,  H04L47/765 ,  H04L67/1014 ,  G06F12/10 ,  G06Q10/06 ,  G06Q10/0631 ,  G07C5/00 ,  H04L12/28 ,  H04L41/02 ,  H04L9/06 ,  H04L9/14 ,  H04L9/32 ,  H04L41/046 ,  H04L49/15

CPC classification number: H04L43/08 ,  G02B6/3882 ,  G02B6/3893 ,  G02B6/3897 ,  G02B6/4292 ,  G02B6/4452 ,  G06F1/183 ,  G06F1/20 ,  G06F3/064 ,  G06F3/0613 ,  G06F3/0625 ,  G06F3/0653 ,  G06F3/0655 ,  G06F3/0664 ,  G06F3/0665 ,  G06F3/0673 ,  G06F3/0679 ,  G06F3/0683 ,  G06F3/0688 ,  G06F3/0689 ,  G06F8/65 ,  G06F9/30036 ,  G06F9/4401 ,  G06F9/544 ,  G06F12/109 ,  G06F12/1408 ,  G06F13/1668 ,  G06F13/409 ,  G06F13/4022 ,  G06F13/4068 ,  G06F15/161 ,  G06F16/9014 ,  G08C17/02 ,  G11C5/02 ,  G11C7/1072 ,  G11C11/56 ,  G11C14/0009 ,  H03M7/3086 ,  H03M7/4056 ,  H03M7/4081 ,  H04B10/25891 ,  H04L41/145 ,  H04L43/0817 ,  H04L43/0876 ,  H04L43/0894 ,  H04L49/00 ,  H04L49/25 ,  H04L49/357 ,  H04L49/45 ,  H04L67/02 ,  H04L67/306 ,  H04L69/04 ,  H04L69/329 ,  H04Q11/0003 ,  H05K7/1442 ,  B25J15/0014 ,  B65G1/0492 ,  G05D23/1921 ,  G05D23/2039 ,  G06F3/061 ,  G06F3/067 ,  G06F3/0611 ,  G06F3/0616 ,  G06F3/0619 ,  G06F3/0631 ,  G06F3/0638 ,  G06F3/0647 ,  G06F3/0658 ,  G06F3/0659 ,  G06F9/3887 ,  G06F9/505 ,  G06F9/5016 ,  G06F9/5044 ,  G06F9/5072 ,  G06F9/5077 ,  G06F11/141 ,  G06F11/3414 ,  G06F12/0862 ,  G06F12/0893 ,  G06F12/10 ,  G06F13/161 ,  G06F13/1694 ,  G06F13/42 ,  G06F13/4282 ,  G06F15/8061 ,  G06F2209/5019 ,  G06F2209/5022 ,  G06F2212/1008 ,  G06F2212/1024 ,  G06F2212/1041 ,  G06F2212/1044 ,  G06F2212/152 ,  G06F2212/202 ,  G06F2212/401 ,  G06F2212/402 ,  G06F2212/7207 ,  G06Q10/06 ,  G06Q10/06314 ,  G06Q10/087 ,  G06Q10/20 ,  G06Q50/04 ,  G07C5/008 ,  G08C2200/00 ,  G11C5/06 ,  H03M7/30 ,  H03M7/3084 ,  H03M7/40 ,  H03M7/4031 ,  H03M7/6005 ,  H03M7/6023 ,  H04B10/25 ,  H04J14/00 ,  H04L9/0643 ,  H04L9/14 ,  H04L9/3247 ,  H04L9/3263 ,  H04L12/2809 ,  H04L41/024 ,  H04L41/046 ,  H04L41/082 ,  H04L41/0813 ,  H04L41/0896 ,  H04L41/12 ,  H04L41/147 ,  H04L41/5019 ,  H04L43/065 ,  H04L43/16 ,  H04L45/02 ,  H04L45/52 ,  H04L47/24 ,  H04L47/38 ,  H04L47/765 ,  H04L47/782 ,  H04L47/805 ,  H04L47/82 ,  H04L47/823 ,  H04L49/15 ,  H04L49/555 ,  H04L61/00 ,  H04L67/10 ,  H04L67/1004 ,  H04L67/1008 ,  H04L67/1012 ,  H04L67/1014 ,  H04L67/1029 ,  H04L67/1034 ,  H04L67/1097 ,  H04L67/12 ,  H04L67/34 ,  H04L67/51 ,  H04Q1/04 ,  H04Q11/00 ,  H04Q11/0005 ,  H04Q11/0062 ,  H04Q11/0071 ,  H04Q2011/0037 ,  H04Q2011/0041 ,  H04Q2011/0052 ,  H04Q2011/0073 ,  H04Q2011/0079 ,  H04Q2011/0086 ,  H04Q2213/13523 ,  H04Q2213/13527 ,  H04W4/023 ,  H04W4/80 ,  H05K1/0203 ,  H05K1/181 ,  H05K5/0204 ,  H05K7/1418 ,  H05K7/1421 ,  H05K7/1422 ,  H05K7/1447 ,  H05K7/1461 ,  H05K7/1485 ,  H05K7/1487 ,  H05K7/1489 ,  H05K7/1491 ,  H05K7/1492 ,  H05K7/1498 ,  H05K7/2039 ,  H05K7/20709 ,  H05K7/20727 ,  H05K7/20736 ,  H05K7/20745 ,  H05K7/20836 ,  H05K13/0486 ,  H05K2201/066 ,  H05K2201/10121 ,  H05K2201/10159 ,  H05K2201/10189 ,  Y02D10/00 ,  Y02P90/30 ,  Y04S10/50 ,  Y04S10/52 ,  Y10S901/01

Abstract: Embodiments are generally directed apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of an authentication and validation operations performed to authenticate and validate the physical resources of the sled, determine whether the results of the authentication and validation operations indicate the physical resources are authenticate or not authenticate. Further and in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload.

公开(公告)号：US11307787B2

公开(公告)日：2022-04-19

申请号：US15826051

申请日：2017-11-29

Applicant: Intel Corporation

Inventor： Murugasamy K. Nachimuthu ,  Mohan J. Kumar ,  Alberto J. Munoz

IPC: G06F15/173 ,  G06F3/06 ,  G06F16/174 ,  G06F21/57 ,  G06F21/73 ,  G06F8/65 ,  H04L41/0816 ,  H04L41/0853 ,  H04L41/12 ,  H04L67/10 ,  G06F11/30 ,  G06F9/50 ,  H01R13/453 ,  G06F9/48 ,  G06F9/455 ,  H03M7/30 ,  H03M7/40 ,  H04L43/08 ,  H04L47/20 ,  H04L47/2441 ,  G06F11/07 ,  G06F11/34 ,  G06F7/06 ,  G06T9/00 ,  H03M7/42 ,  H04L12/28 ,  H04L12/46 ,  H04L61/5007 ,  G06F13/16 ,  G06F21/62 ,  G06F21/76 ,  H03K19/173 ,  H04L9/08 ,  H04L41/044 ,  H04L49/104 ,  H04L67/63 ,  H04L67/75 ,  H04L43/04 ,  H04L43/06 ,  H04L43/0894 ,  G06F9/38 ,  G06F12/02 ,  G06F12/06 ,  G06T1/20 ,  G06T1/60 ,  G06F9/54 ,  H04L67/1014 ,  G06F8/656 ,  G06F8/658 ,  G06F8/654 ,  G06F9/4401 ,  H01R13/631 ,  H05K7/14 ,  H04L47/78 ,  G06F11/14 ,  H04L41/046 ,  H04L41/0896 ,  H04L41/142 ,  H04L29/06 ,  G06F15/80

Abstract: Technologies for generating manifest data for a sled include a sled to generate manifest data indicative of one or more characteristics of the sled (e.g., hardware resources, firmware resources, a configuration of the sled, or a health of sled components). The sled is also to associate an identifier with the manifest data. The identifier uniquely identifies the sled from other sleds. Additionally, the sled is to send the manifest data and the associated identifier to a server. The sled may also detect a change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also generate an update of the manifest data based on the detected change, where the update specifies the detected change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also send the update of the manifest data to the server.